Vulnerability Name: CVE-2005-3624 (CCN-24022)

Assigned: 2005-12-31
Published: 2005-12-31
Updated: 2018-10-19
Summary: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:

Source: SCO
Type: UNKNOWN
SCOSA-2006.15

Source: SGI
Type: UNKNOWN
20051201-01-U

Source: SGI
Type: UNKNOWN
20060101-01-U

Source: SGI
Type: UNKNOWN
20060201-01-U

Source: MITRE
Type: CNA
CVE-2005-3624

Source: SUSE
Type: Patch
SUSE-SA:2006:001

Source: CCN
Type: RHSA-2005-840
xpdf security update

Source: CCN
Type: RHSA-2005-868
kdegraphics security update

Source: CCN
Type: RHSA-2006-0160
tetex security update

Source: CCN
Type: RHSA-2006-0163
cups security update

Source: CCN
Type: RHSA-2006-0177
gpdf security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0177

Source: CCN
Type: Chris Evans Security Advisory CESA-2005-003 - rev 2
xpdf (and derivatives) buffer and integer overflows

Source: MISC
Type: Exploit, Vendor Advisory
http://scary.beasts.org/security/CESA-2005-003.txt

Source: SECUNIA
Type: UNKNOWN
18147

Source: CCN
Type: SA18303
xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18303

Source: CCN
Type: SA18312
Poppler Xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18312

Source: SECUNIA
Type: Patch, Vendor Advisory
18313

Source: CCN
Type: SA18329
teTeX Xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18329

Source: CCN
Type: SA18332
CUPS xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18332

Source: SECUNIA
Type: UNKNOWN
18334

Source: SECUNIA
Type: Patch, Vendor Advisory
18338

Source: SECUNIA
Type: Patch, Vendor Advisory
18349

Source: SECUNIA
Type: UNKNOWN
18373

Source: CCN
Type: SA18375
GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18375

Source: SECUNIA
Type: UNKNOWN
18380

Source: SECUNIA
Type: Patch, Vendor Advisory
18385

Source: SECUNIA
Type: Patch, Vendor Advisory
18387

Source: SECUNIA
Type: Patch, Vendor Advisory
18389

Source: CCN
Type: SA18398
libextractor Multiple Xpdf Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18398

Source: SECUNIA
Type: Patch, Vendor Advisory
18407

Source: SECUNIA
Type: UNKNOWN
18414

Source: SECUNIA
Type: Patch, Vendor Advisory
18416

Source: SECUNIA
Type: Vendor Advisory
18423

Source: SECUNIA
Type: UNKNOWN
18425

Source: SECUNIA
Type: UNKNOWN
18428

Source: SECUNIA
Type: UNKNOWN
18436

Source: SECUNIA
Type: Patch, Vendor Advisory
18448

Source: SECUNIA
Type: UNKNOWN
18463

Source: SECUNIA
Type: Patch, Vendor Advisory
18517

Source: SECUNIA
Type: Patch, Vendor Advisory
18534

Source: SECUNIA
Type: Patch, Vendor Advisory
18554

Source: SECUNIA
Type: Patch, Vendor Advisory
18582

Source: CCN
Type: SA18642
pdftohtml xpdf Multiple Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18642

Source: SECUNIA
Type: Vendor Advisory
18644

Source: CCN
Type: SA18674
GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18674

Source: SECUNIA
Type: Vendor Advisory
18675

Source: SECUNIA
Type: Vendor Advisory
18679

Source: SECUNIA
Type: UNKNOWN
18908

Source: SECUNIA
Type: Vendor Advisory
18913

Source: SECUNIA
Type: UNKNOWN
19230

Source: SECUNIA
Type: UNKNOWN
19377

Source: CCN
Type: SA25729
Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25729

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-045-09

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-045-04

Source: CCN
Type: Sun Alert ID: 102972
Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
102972

Source: CCN
Type: ASA-2006-009
cups security update (RHSA-2006-0163)

Source: CCN
Type: ASA-2006-012
gpdf security update (RHSA-2006-0177)

Source: CCN
Type: ASA-2006-019
tetex security update (RHSA-2006-0160)

Source: CCN
Type: ASA-2007-281
Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code (SUN 102972)

Source: DEBIAN
Type: UNKNOWN
DSA-931

Source: DEBIAN
Type: UNKNOWN
DSA-932

Source: DEBIAN
Type: UNKNOWN
DSA-937

Source: DEBIAN
Type: UNKNOWN
DSA-938

Source: DEBIAN
Type: UNKNOWN
DSA-940

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-936

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-950

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-961

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-962

Source: DEBIAN
Type: DSA-931
xpdf -- buffer overflows

Source: DEBIAN
Type: DSA-932
kdegraphics -- buffer overflows

Source: DEBIAN
Type: DSA-936
libextractor -- buffer overflows

Source: DEBIAN
Type: DSA-937
tetex-bin -- buffer overflows

Source: DEBIAN
Type: DSA-938
koffice -- buffer overflows

Source: DEBIAN
Type: DSA-940
gpdf -- buffer overflows

Source: DEBIAN
Type: DSA-950
cupsys -- buffer overflows

Source: DEBIAN
Type: DSA-961
pdfkit.framework -- buffer overflows

Source: DEBIAN
Type: DSA-962
pdftohtml -- buffer overflows

Source: CCN
Type: Xpdf Web site
Xpdf: Download

Source: CCN
Type: GLSA-200601-02
KPdf, KWord: Multiple overflows in included Xpdf code

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200601-02

Source: CCN
Type: GLSA-200601-17
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200601-17

Source: CCN
Type: KDE Security Advisory 20051207-2
kpdf/xpdf multiple integer overflows

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20051207-2.txt

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:003

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:004

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:005

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:006

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:008

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2006:010

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:011

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:012

Source: FEDORA
Type: UNKNOWN
FEDORA-2005-025

Source: FEDORA
Type: UNKNOWN
FEDORA-2005-026

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0160

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0163

Source: FEDORA
Type: UNKNOWN
FLSA-2006:176751

Source: FEDORA
Type: UNKNOWN
FLSA:175404

Source: BID
Type: Patch
16143

Source: CCN
Type: BID-16143
KPDF and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2006-0002

Source: CCN
Type: TLSA-2006-2
Multiple vulnerabilities exist in cups

Source: CCN
Type: USN-236-1
xpdf vulnerabilities

Source: CCN
Type: USN-236-2
xpdf vulnerabilities in kword

Source: VUPEN
Type: UNKNOWN
ADV-2006-0047

Source: VUPEN
Type: UNKNOWN
ADV-2007-2280

Source: XF
Type: UNKNOWN
xpdf-ccitt-faxstream-bo(24022)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9437

Source: UBUNTU
Type: UNKNOWN
USN-236-1

Source: SUSE
Type: SUSE-SA:2006:001
xpdf various security problems

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:kde:kdegraphics:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:kde:kdegraphics:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:kde:koffice:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:kde:koffice:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:kde:koffice:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:kde:kpdf:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:kde:kpdf:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:kde:kword:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:libextractor:libextractor:*:*:*:*:*:*:*:*
  • OR cpe:/a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:3.0:sp6:*:*:*:*:*:*
  • OR cpe:/a:tetex:tetex:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:tetex:tetex:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:tetex:tetex:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:tetex:tetex:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:tetex:tetex:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.2:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:sco:openserver:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/o:sco:openserver:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:s_390:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0:*:professional:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10.0:*:*:*:desktop:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8.0:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10.0:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10.0:*:*:*:server:*:x86:*
  • OR cpe:/o:turbolinux:turbolinux:8.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:112129 | P | cups-2.3.3op2-4.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:105665 | P | Security update for samba (Important) | 2021-11-16
oval:org.mitre.oval:def:9437 | V | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | 2013-04-29
oval:com.redhat.rhsa:def:20050868 | P | RHSA-2005:868: kdegraphics security update (Important) | 2008-03-20
oval:com.redhat.rhsa:def:20060160 | P | RHSA-2006:0160: tetex security update (Moderate) | 2008-03-20
oval:org.debian:def:961 | V | buffer overflows | 2006-02-01
oval:org.debian:def:962 | V | buffer overflows | 2006-02-01
oval:org.debian:def:950 | V | buffer overflows | 2006-01-23
oval:org.debian:def:940 | V | buffer overflows | 2006-01-13
oval:org.debian:def:937 | V | buffer overflows | 2006-01-12
oval:org.debian:def:938 | V | buffer overflows | 2006-01-12
oval:org.debian:def:936 | V | buffer overflows | 2006-01-11
oval:com.redhat.rhsa:def:20060177 | P | RHSA-2006:0177: gpdf security update (Important) | 2006-01-11
oval:com.redhat.rhsa:def:20060163 | P | RHSA-2006:0163: cups security update (Important) | 2006-01-11
oval:org.debian:def:931 | V | buffer overflows | 2006-01-09
oval:org.debian:def:932 | V | buffer overflows | 2006-01-09
oval:com.redhat.rhsa:def:20050840 | P | RHSA-2005:840: xpdf security update (Important) | 2005-12-20